[CentOS] selinux stuff - I just don't get
Peter Farrow
peter at farrows.org
Mon Nov 14 11:18:25 UTC 2005
We've been here before by the way
http://lists.centos.org/pipermail/centos/2005-May/006303.html
Peter Farrow wrote:
> That's because it's entirely possible to make a system secure without
> Selinux, it was only born in Centos from Version 4.
>
> While I would never recommend turning off a firewall, I would
> recommend turning off Selinux: a firewall doesn't stop stuff on the
> box working properly as it ships, Selinux does.
>
> For example anything that would stop squid running properly out of the
> box (as Selinux does) is of limited value, in this instance it's not
> required, it gets in the way, it IS easily possible to have a secure
> system without Selinux, whereas that is doubtful without a firewall.
> Chalk and cheese springs to mind.
>
> If Selinux is the "baby" in your metaphor, then the best thing to do with
> it is hold it under the water until it stops moving....
>
> For those of us who know how to configure secure systems (and I'm not
> suggesting you don't Tony by any stretch) Selinux is additional bloat
> I (we) don't really need. It just slows the system down...
>
> I've never needed it......
>
> Pete
>
> Tony wrote:
>
>> On 11/14/05, Peter Farrow <peter at farrows.org> wrote:
>>
>> /etc/selinux/config
>>
>> Change this line:
>>
>> SELINUX=enforcing
>>
>> to this:
>>
>> SELINUX=disabled
>>
>>
>> It always amazes me how quick people are to suggest that you just
>> switch selinux off, without balancing the suggestion with an
>> explanation of what they are losing by doing this. Would you switch a
>> firewall off because it keeps filling your log files up with packet
>> info? An English expression involving babies and bathwater springs
>> to mind ;-)
>>
>> --
>> Cheers,
>>
>> Tony
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos